[Openswan Users] xl2tpd uses inactive mast0 interface
ml-openswan at svenux.de
Tue Nov 23 08:08:11 EST 2010
Thanks for the information.
If I remove the interface and initiate a xl2tp connection the ipsec
tunnel opens correctly but then the kernel crashes and the system freezes.
I'll try to catch the panic next time - I'm working on a live system where
I cannot reboot every time I want... :-)
Let me present my network configuration with some more details:
I have a Linux system which is our default gateway to the internet and
which also acts as a router to some other networks:
- eth0 (192.168.50.1/23) - Office LAN
- eth1 (192.168.60.1/24) - VoIP LAN (irrelevant for us)
- eth2 (192.168.70.1/24) - Guest LAN (Full NAT to the internet)
- eth3 (184.108.40.206/29) - Internet
Openswan is listening on eth3, xl2tpd is listening on all interfaces.
If I try to establish a xl2tp connection out of the "Guest LAN" to
Openswan, the described problem occurs.
If I initiate a xl2tp session out of the internet the configuration is
working fine and the tunnel comes up.
So I believe the problem is the internal routing between eth2 and eth3.
I'll try to repeat the problem within a virtual machine - then I can do
some more debugging.
Well, at least some version information:
=== ipsec.conf ===
=== xl2tpd.conf ===
ip range = 192.168.50.2-192.168.50.254
local ip = 192.168.50.254
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
flow bit = yes
On 11/19/2010 11:28 AM, Paul Wouters wrote:
> On Fri, 12 Nov 2010, Paul Wouters wrote:
>>> I have done some more tests but I found no way to remove the mast0
> ipsec tncfg --delete mast0
> I've just added some code that removes mast0 on protostack=klips and that
> removes ipsecX on protostack=mast (though currently ipsec0 cannot be
> We will add module init parameters that will allow us to modprobe ipsec
> klips=X and mast=X to ensure unwanted interfaces will not appear.