[Openswan Users] xl2tpd uses inactive mast0 interface

Paul Wouters paul at xelerance.com
Fri Nov 12 12:11:50 EST 2010


On Fri, 12 Nov 2010, Sven Schiwek wrote:

> I have done some more tests but I found no way to remove the mast0
> interface.

I'm still confused why it is giving you problems....

> Is there a hidden option to bypass all the MAST code? As mentioned
> USE_MAST=false does not solve the problem.

You have to set this and then rebuild KLIPS, not the userland, for it to go away.

Paul

> Sven
>
>
>
> On 11/8/2010 3:05 AM, Sven Schiwek wrote:
>> Hi Paul,
>>
>> thanks for your help.
>> "ifconfig mast 0000 down" or "ifconfig mast0 down" does not resolve the
>> problem. I think because the interface is already down.
>>
>> I have recompiled Openswan with "USE_MAST=false" (I set this option in
>> Makefile.in is this correct?) but the interface is still available (with
>> ifconfig -a).
>>
>> BTW: I have an error in "make minstall" (but an exitcode 0 !?) on a
>> standard Debian Squeeze System (with default Kernel-Headers installed
>> "apt-get install linux-headers-$(uname -r)"). I attached the Makefile
>> output.
>>
>> Sven
>>
>>
>>
>> On 11/5/2010 5:14 PM, Paul Wouters wrote:
>>> On Fri, 5 Nov 2010, Sven Schiwek wrote:
>>>
>>>> I have a problem with an l2tp connection.
>>>> I have a W-Lan router connected to the Openswan server (via eth2),
>>>> Openswan is listening on eth3. When I initiate a l2tp connection from a
>>>> Windows 7 client via W-Lan the ipsec connection is coming up (not the
>>>> l2tp
>>>> part) but then I get this firewall log:
>>>>
>>>> Nov  5 10:51:21 misc1 kernel: [7155469.839899] iptables: INPUT deny
>>>> IN=mast0 OUT=
>>>> MAC=00:25:90:04:3d:cb:00:24:d7:01:d4:b8:08:00:45:00:00:8c:04:fa:00:00:80:11:e3:16:c0:a8:46:70:d5:dd:75:5a:06:a5:06:a5:00:78:f3:4f:c8:02:00:70:00:00:00:00:00:00:00:00:80:08
>>>>
>>>> SRC=192.168.70.112 DST=PUBLICIP LEN=140 TOS=0x00 PREC=0x00 TTL=128
>>>> ID=1274
>>>> PROTO=UDP SPT=1701 DPT=1701 LEN=120 MARK=0x80160000
>>>>
>>>> Yea, this is the mast0 interface but I have not enabled the saref patch
>>>> (ipsec.conf -> protostack=klips) and (xl2tpd.conf -> ipsec saref = no) so
>>>> why do I have traffic to this (disabled but available) interface?
>>>> Openswan 2.6.31 is listening on the external interface 'eth3' - so I want
>>>> to establish a connection from wlan-'eth2' to 'eth3'-Openswan.
>>>
>>> Can you try: ifconfig mast 0000 down
>>>
>>>> Btw. if I allow traffic on the (inactive) mast0 interface (no IP
>>>> assigned)
>>>> I get these xl2tpd messages:
>>>
>>>> $> tail -f /var/log/syslog
>>>> Nov  5 11:54:15 misc1 xl2tpd[24410]: control_finish: Peer requested
>>>> tunnel
>>>> 11 twice, ignoring second one.
>>>> Nov  5 11:54:15 misc1 xl2tpd[24410]: Connection 11 closed to
>>>> 192.168.70.112, port 1701 (Timeout)
>>>> Nov  5 11:54:20 misc1 xl2tpd[24410]: Unable to deliver closing message
>>>> for
>>>> tunnel 1946. Destroying anyway.
>>>
>>> hmm
>>>
>>>> Any help is greatly appreciated.
>>>
>>> I guess you can try recompiling with USE_MAST=false ?
>>>
>>> Perhaps we should add an option to the klips module to initiate the mast0
>>> device or not when built as a module?
>>>
>>> Paul
>>>